System Force I.T.

Zoom vulnerability can let hackers steal credentials

Zoom vulnerability can let hackers steal users credentials

With more people working for home the use of communication tools such as 3CX, Microsoft Teams and Zoom has increased considerably for collaboration. However the Zoom conferencing service has already had it’s share of privacy issues but now a more serious vulnerability has been uncovered within the video conference service.

The vulnerability has to do with a feature in Zoom’s chat that automatically links UNCs (universal naming convention) or URLs to make it easier for users to navigate to the locations specified in them. However, these UNCs can also be Windows networking paths that will be converted into links for users to click on, which can then be used to extract Windows credentials of the user when Windows tries to connect to the site using the SMB file-sharing protocol.

When users click on the path and the OS tries to establish a connection with the remote site, it sends the users’ login name and their NTLM password hash, which can be cracked by hackers using tools that can de-hash these passwords.

Zoom has yet to acknowledge the vulnerability and while it is unlikely users will experience conversations with bad actors, it is still an issues that needs addressing.

If you are at all worried that your security has been compromised, contact your IT support or alternatively update your passwords.

For users wanting to use a free video conferencing service, no signup, no downloads and no commitment, 3cx are offering there standard web conferencing service for free, simply click here.